SAP Business Objects Logs in Splunk

SlothB77 · ‎08-06-2018

Our organization has Splunk Universal Forwarder installed on the same server our SAP Business Objects server is installed. We have SAP Business Objects logs in two folders:

Our SAP BusinessObjects Enterprise logs
Tomcat logs

Is there a way to point the Splunk forwarder to those folders to collect those logs? Or, if it is already doing so, is there a way to returns just the logs from those folders in a search?

becksyboy · ‎05-21-2019

Hi @SlothB77 how did you SAP BO logs onboardng go? We are looking to do the same. Do you have any tips for this and did you have to write any custom props/transforms?

renjith_nair · ‎08-06-2018

@SlothB77,

You can set up a monitor in your splunk forwarder's $SPLUNK_HOME/etc/system/default/inputs.conf to monitor the log from the folders . Sample configuration

[monitor://path/to/file]
sourcetype="type of your log"
index="index you want to use for these logs"
setting_n-1 = value
settings_n = value

Details are in http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Monitorfilesanddirectorieswithinputs.conf

Once you have the logs in splunk , you could just search for the source or sourceype what you have used above.

Eg :

source="path to SAP enterprise log" OR source="path to tomcat log"

---
What goes around comes around. If it helps, hit it with Karma 🙂

SAP Business Objects Logs in Splunk

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?